Lucene search
+L

1553 matches found

ubuntucve
ubuntucve
added 2026/05/08 3:16 p.m.12 views

CVE-2026-43384

In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.8CVSS5.7AI score0.00457EPSS
Exploits0References20
ubuntucve
ubuntucve
added 2026/05/08 3:16 p.m.13 views

CVE-2026-43383

In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.4CVSS5.7AI score0.00443EPSS
Exploits0References32
osv
osv
added 2026/05/08 3:16 p.m.9 views

UBUNTU-CVE-2026-43384

In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.8CVSS5.7AI score0.00457EPSS
Exploits0References21
osv
osv
added 2026/05/08 3:16 p.m.14 views

UBUNTU-CVE-2026-43383

In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.4CVSS5.7AI score0.00443EPSS
Exploits0References33
debiancve
debiancve
added 2026/05/08 2:21 p.m.9 views

CVE-2026-43384

In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.8CVSS5.7AI score0.00457EPSS
Exploits0
attackerkb
attackerkb
added 2026/05/08 2:21 p.m.7 views

CVE-2026-43384

In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

5.7AI score0.00457EPSS
Exploits0References5Affected Software1
cve
cve
added 2026/05/08 2:21 p.m.24 views

CVE-2026-43384

The CVE-2026-43384 issue concerns the Linux kernel TCP Authentication Option (TCP-AO) where MACs were compared without constant-time handling. The connected documents confirm a fix was applied to make MAC comparisons constant-time, mitigating timing-attack leakage of sensitive information. The vu...

9.8CVSS5.7AI score0.00457EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2026/05/08 2:21 p.m.39 views

CVE-2026-43384 net/tcp-ao: Fix MAC comparison to be constant-time

In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.8CVSS0.00457EPSS
Exploits0References4
osv
osv
added 2026/05/08 2:21 p.m.2 views

CVE-2026-43384 net/tcp-ao: Fix MAC comparison to be constant-time

In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.8CVSS6.5AI score0.00457EPSS
Exploits0References7
cvelist
cvelist
added 2026/05/08 2:21 p.m.34 views

CVE-2026-43383 net/tcp-md5: Fix MAC comparison to be constant-time

In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.4CVSS0.00443EPSS
Exploits0References8
attackerkb
attackerkb
added 2026/05/08 2:21 p.m.7 views

CVE-2026-43383

In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.4CVSS5.7AI score0.00443EPSS
Exploits0References9Affected Software1
debiancve
debiancve
added 2026/05/08 2:21 p.m.9 views

CVE-2026-43383

In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.4CVSS5.7AI score0.00443EPSS
Exploits0
cve
cve
added 2026/05/08 2:21 p.m.54 views

CVE-2026-43383

CVE-2026-43383 affects the Linux kernel’s TCP MD5 signature handling. The root cause is a non-constant-time MAC comparison, enabling potential timing attacks. The vulnerability is addressed by changing the MAC comparison to a constant-time implementation using the appropriate helper function. The...

9.4CVSS5.7AI score0.00443EPSS
Exploits0References8Affected Software1
osv
osv
added 2026/05/08 2:21 p.m.2 views

CVE-2026-43383 net/tcp-md5: Fix MAC comparison to be constant-time

In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.4CVSS5.8AI score0.00443EPSS
Exploits0References11
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the MAC comparison in tcp-ao does not use a constant time, potentially leading to timing...

9.8CVSS5.8AI score0.00457EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/08 12:0 a.m.9 views

PT-2026-39045

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A timing attack issue exists in the TCP Authentication Option TCP-AO implementation. The Message Authentication Code MAC comparison was not performed in constant-time, which could allow ...

9.8CVSS5.8AI score0.00457EPSS
Exploits0
ptsecurity
ptsecurity
added 2026/05/08 12:0 a.m.12 views

PT-2026-39044

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A timing attack is possible because Message Authentication Codes MACs are not compared in constant time. This allows an attacker to potentially deduce information by measuring the time t...

9.4CVSS5.8AI score0.00443EPSS
Exploits0
osv
osv
added 2026/05/06 11:37 p.m.8 views

GHSA-53HJ-R94P-8C8F Kanidm has non-constant-time comparison of OAuth2 client_secret

Summary The kanidmd OAuth2 token-exchange /oauth2/token and token-introspection /oauth2/token/introspect endpoints compare the supplied clientsecret against the stored secret using Rust's PartialEq on String, which short-circuits on the first mismatching byte. This produces an observable timing...

3.7CVSS6AI score
Exploits0References2
osv
osv
added 2026/05/06 11:16 p.m.8 views

GHSA-248H-974Q-XRC2 axonflow-sdk-java: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification

Summary The AxonFlow SDK's WebhookSubscription or equivalent type did not expose the HMAC-SHA256 signing key returned by the platform's CreateWebhook endpoint. Without access to the secret through the typed SDK API, callers had no path to verify the X-AxonFlow-Signature header on incoming webhook...

5.9CVSS5.8AI score
Exploits0References2
github
github
added 2026/05/06 11:16 p.m.8 views

axonflow-sdk-java: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification

Summary The AxonFlow SDK's WebhookSubscription or equivalent type did not expose the HMAC-SHA256 signing key returned by the platform's CreateWebhook endpoint. Without access to the secret through the typed SDK API, callers had no path to verify the X-AxonFlow-Signature header on incoming webhook...

5.8AI score
Exploits0References2Affected Software1
Rows per page
Query Builder